Technology used by Hewlett-Packard in the boardroom leak
investigation that has become a major spying scandal is widely
available, it has emerged.
Publicity around the methods used to investigate the source of
boardroom leaks to the media has centred on “pretexting”, where
investigators have obtained phone company records on individuals by
posing as legitimate customers.
But it has emerged that HP also used a “tracer” device or web
bug. HP ethics chief Kevin Hunsaker confirmed in a memo to senior
company executives that a "covert intelligence gathering operation"
used a Microsoft Hotmail e-mail account to send a "legally
permissible software-based tracing device” in an e-mail attachment”
sent to a journalist, the San Jose Mercury News reported.
Web bug technology is widely used in websites and e-mails and
has legitimate applications, such as downloading logos. It is often
used to monitor website visits.
Lawyer Mike Holston, brought in to investigate the nature of the
leak inquiry, has also acknowledged that HP used a "tracer" in a
bid to uncover a journalist's sources, while HP chief executive
Mark Hurd has confirmed that he approved sending an e-mail with
misinformation to a journalist, while denying that he authorised a
tracer.
Experts from the Electronic Frontier Foundation have argued that
the “tracer” is likely to be a "web bug" planted on the
journalist’s computer.
A web bug is a small graphic image that can be embedded into an
e-mail and is usually invisible to users. But if the e-mail is
opened through a graphical browser or e-mail reader, the image is
downloaded, resulting in a request to the server storing the image
file from the user’s computer – a move that effectively confirms
that the e-mail has been read.
It is understood that the web bug was sent to a journalist in
the hope that she would forward it to her source, so the tracer
technology would pick up a request from the source’s machine, and
allowing identification by their internet Protocol address.